package samples.chapter10;

import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

// @Configuration
public class Chapter10MultiHttpSecurityConfig {
    // @Autowired
    PasswordEncoder passwordEncoder;

    // @Autowired
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin").password(passwordEncoder.encode("123456")).roles("ADMIN","USER")
                .and()
                .withUser("sang").password(passwordEncoder.encode("123456")).roles("USER");
    }

    // @Configuration
    @Order(1)
    public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/mapper/chapter10/admin/**")
                    .authorizeRequests()
                    .anyRequest().hasRole("ADMIN");
        }
    }

    // @Configuration
    @Order(2)
    public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest()
                    .authenticated().and()
                    .formLogin()
                    .loginProcessingUrl("/mapper/chapter10/login")
                    .permitAll()
                    .and()
                    .csrf()
                    .disable();
        }
    }

}
